watch this  

the official mrchucho blog

Still Learning, Part One

Posted 2007 Feb 01

Recently, I was struggling with part of my Rails application. Feeling I was missing the point, I sent this submission to The Rails Way.

In a nutshell, I have an attendance management system that can support many different organizations (e.g. schools, churches, etc.). All facets of the attendance management system are “tied” to a particular organization such that a user in a given organization can only create, edit or view data with a matching organization_id. I think you can guess my problem now…

I end up having to pass the current user’s “organization_id” around EVERYWHERE. I’ve been able to DRY to a certain degree using with_scope:

class User < ActiveRecord::Base
  belongs_to :organization
end

class Attendance < ActiveRecord::Base
  belongs_to :organization

  # current_user is an instance of User, passed in by the controller
  def Attendance.find_todays_attendance(current_user)
    Attendance.with_organization_scope(current_user.organization_id) do
      # The bind value was missing from the listing; Date.today is assumed from the method name
      find(:all, :conditions => ['attendance_recorded_on = ?', Date.today])
    end
  end

  # Restricts every find inside the block to the given organization
  def Attendance.with_organization_scope(org_id)
    with_scope(:find => {:conditions => ["attendances.organization_id = ?", org_id]}) do
      yield
    end
  end
end

And so on. But I still have to add current_user or organization_id as a parameter to just about every method call. And the biggest problem is that it fails “silently” – i.e. if you forget to check the organization_id you could expose another organization’s private data.
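To make the silent failure concrete, here is an added example (not the author's code, and not necessarily the approach Part Two takes). It uses plain Ruby in place of ActiveRecord; `AttendanceStore`, `MissingOrganizationScope` and the sample rows are hypothetical. It contrasts opt-in scoping, where a forgotten organization_id returns every tenant's rows, with a fail-closed variant that refuses to query without a scope.

```ruby
# Constructed sample rows standing in for the attendances table.
ROWS = [
  { id: 1, organization_id: 10, student: "Ann" },
  { id: 2, organization_id: 10, student: "Bob" },
  { id: 3, organization_id: 20, student: "Cyd" },
].freeze

class MissingOrganizationScope < StandardError; end

# Hypothetical in-memory stand-in for a model class; not ActiveRecord.
class AttendanceStore
  def initialize(rows)
    @rows = rows
  end

  # The failure mode from the post: scoping is opt-in, so a caller that
  # forgets org_id gets every organization's rows and nothing complains.
  def find_all_opt_in(org_id = nil)
    org_id ? @rows.select { |r| r[:organization_id] == org_id } : @rows
  end

  # Fail-closed variant: the scope is mandatory and held in Thread.current
  # for the duration of the block, then restored (so nesting works).
  def with_organization_scope(org_id)
    raise ArgumentError, "organization_id required" if org_id.nil?
    previous = Thread.current[:org_scope]
    Thread.current[:org_scope] = org_id
    begin
      yield
    ensure
      Thread.current[:org_scope] = previous
    end
  end

  # Raises instead of returning cross-organization data when unscoped.
  def find_all
    org_id = Thread.current[:org_scope]
    raise MissingOrganizationScope, "find_all called outside a scope" if org_id.nil?
    @rows.select { |r| r[:organization_id] == org_id }
  end
end
```

With this shape, a forgotten scope surfaces as an exception in development or tests rather than as another organization's data in a response.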

Check back for Part Two where I think I’ve finally seen the light.
